The security of medical implants

By Luther Martin — June 20, 2011

I just came across an interesting paper about the security of medical implants. It seems that much like the Internet, medical implants weren't designed with security in mind, and "They Can Hear Your Heartbeats: Non-Invasive Security for Implantable Medical Devices" (PDF) by Shyamnath Gollakota, Haitham Hassanieh, Benjamin Ransford, Dina Katabi and Kevin Fu describes a way that they've developed to work around some of these issues. Here's how the abstract of this paper describes their work:

Wireless communication has become an intrinsic part of modern implantable medical devices (IMDs). Recent work, however, has demonstrated that wireless connectivity can be exploited to compromise the confidentiality of IMDs’ transmitted data or to send unauthorized commands to IMDs—even commands that cause the device to deliver an electric shock to the patient. The key challenge in addressing these attacks stems from the difficulty of modifying or replacing already-implanted IMDs. Thus, in this paper, we explore the feasibility of protecting an implantable device from such attacks without modifying the device itself. We present a physical-layer solution that delegates the security of an IMD to a personal base station called the shield. The shield uses a novel radio design that can act as a jammer-cum-receiver. This design allows it to jam the IMD’s messages, preventing others from decoding them while being able to decode them itself. It also allows the shield to jam unauthorized commands—even those that try to alter the shield’s own transmissions. We implement our design in a software radio and evaluate it with commercial IMDs. We find that it effectively provides confidentiality for private data and protects the IMD from unauthorized commands.

So it looks like lots of medical implants have wireless connections that doctors can use to communicate with them. And because hackers could also use these same wireless connections to hijack the implants and have them do bad things, it's reasonable to worry about their security. That's something that I hadn't considered before.